Most tutorials about Zend Framework describe the simple theory of how all these MVC things work together. Beyond that, however, things become more and more tricky, and not everything is handled by the MVC pattern itself.
What I mean is that most of the ZF tutorials I have read describe the simple relationship between controllers and views: you set a view member variable in the controller and then simply use that variable in the view of that particular controller action.
Set up the controller's view variable. In this example I used the default ZF IndexController – indexAction:
class IndexController extends Zend_Controller_Action
{
    public function indexAction()
    {
        // Anything assigned to $this->view is available in the view script
        $this->view->greeting = 'Hello World!';
    }
}
Afterwards you can use this member variable in the index.phtml view script.
Note: In a typical Zend Framework installation all this is set up in the application folder (web visible or not): the IndexController.php file containing the code above is placed in application/controllers, and its indexAction has its view script in application/views/scripts/index/index.phtml
In that situation the view file, the previously mentioned index.phtml, accesses this "greeting" variable with something like:
<div><?php echo $this->greeting ?></div>
Note that here the ->view-> part of the chain is missing. That's because the view script is executed inside the view object, so $this now contains everything that the controller's view member object contains.
All that is pretty cool, and it works great until you start working with different types of data, escaped or not, coming from various sources.
Naturally, the problem of escaping bad strings comes up, and the question is: why should I do that? To give you a simple example, I'll rework the code above.
Imagine you need to set a browser title that depends on the controller/action being called. Doing that is simple, but then comes the tricky part. We can just change the example above a bit.
In the controller you can set the browserTitle variable:
<?php
class IndexController extends Zend_Controller_Action
{
    public function indexAction()
    {
        // Title for this action; echoed by the view script
        $this->view->browserTitle = "Welcome";
    }
}
Then normally in the view you may have something like this:
<html>
<head>
<title><?php echo $this->browserTitle ?></title>
...
Everything up to this point looks normal, and you don't need to escape anything for it to appear correctly. Even if browserTitle contains quotes:
...
$this->view->browserTitle = 'Hello "World"';
...
This shows up in the browser's source view as:
...
<title>Hello "World"</title>
...
see the image below:
But what if you set up a meta title tag:
<meta name="title" content="Hello "World"" />
For the browser that's an error, because the first inner quote ends the content attribute early, as shown in the image:
That's why you should be careful when dumping variables all over the page, and use the native ZF escape function:
$this->escape()
In the example above you can simply call the escape function in the view:
<html>
<head>
<title><?php echo $this->browserTitle ?></title>
<meta name="title" content="<?php echo $this->escape($this->browserTitle) ?>" />
That will prevent the browser from "crashing" and, more importantly, will improve the site's SEO.
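The raw and the escaped meta tag from above, run through an HTML parser to show which content value is actually recovered in each case. This is an added example, not code from the original post: it does not load Zend Framework, and escapeLikeZendView() and parsedMetaContent() are hypothetical helpers, the first one assuming that Zend_View's default escape callback is htmlspecialchars() with ENT_COMPAT.

```php
<?php
// Added example: stand-alone script, needs only PHP's DOM extension.

// Assumption: mirrors Zend_View's default escape(), i.e. htmlspecialchars()
// with ENT_COMPAT. ENT_COMPAT encodes & < > and ", but not '.
function escapeLikeZendView($value, $encoding = 'UTF-8')
{
    return htmlspecialchars($value, ENT_COMPAT, $encoding);
}

// Hypothetical helper: parse the markup with an HTML parser and return the
// content attribute of the first <meta> element as the parser recovered it.
function parsedMetaContent($html)
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML('<html><head>' . $html . '</head><body></body></html>');
    libxml_clear_errors();
    $meta = $doc->getElementsByTagName('meta')->item(0);
    return $meta ? $meta->getAttribute('content') : null;
}

$browserTitle = 'Hello "World"'; // same value as in the controller above

$raw     = '<meta name="title" content="' . $browserTitle . '" />';
$escaped = '<meta name="title" content="'
         . escapeLikeZendView($browserTitle) . '" />';

foreach (array('raw' => $raw, 'escaped' => $escaped) as $label => $markup) {
    $content = parsedMetaContent($markup);
    printf("%-8s markup: %s\n", $label, $markup);
    printf("%-8s parsed: %s\n", $label, var_export($content, true));
    printf("%-8s intact: %s\n\n", $label,
        $content === $browserTitle ? 'yes' : 'no');
}

// Caveat: ENT_COMPAT leaves single quotes alone, so an attribute delimited
// with ' is still broken by a value containing '. ENT_QUOTES covers both.
$singleQuoted = "it's";
printf("ENT_COMPAT: %s\n", htmlspecialchars($singleQuoted, ENT_COMPAT, 'UTF-8'));
printf("ENT_QUOTES: %s\n", htmlspecialchars($singleQuoted, ENT_QUOTES, 'UTF-8'));
```

The same encoding also matters inside element content such as the title tag, where < and & rather than quotes are the characters that change how the markup is parsed.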